[cabfpub] Public comment on a draft CP for a new US government PKI

2017-10-09 Thread Eric Mill via Public
Hello, The US Federal PKI is looking for public comment *by October 30* on its draft Certificate Policy for a new PKI intended for public trust: - Background: https://devicepki.idmanagement.gov - Request for comment: https://devicepki.idmanagement.gov/requestcomment/ - CP itself:

Re: [cabfpub] CAA working group description

2017-10-09 Thread Geoff Keating via Public
I tried to write the CABForum WG charter so that it did not include changes to the CAA specification itself; these should indeed be handled at the IETF level. This WG is about adoption of CAA in the Baseline Requirements. Some topics we might cover are: - Requirement for DNSSEC checking—for

[cabfpub] Minutes needed for recent F2F meeting

2017-10-09 Thread Kirk Hall via Public
Once again, thanks to Li-Chun and Chunghwa Telecom for hosting a great and productive meeting in Taipei! As a reminder - the Notetakers on the topics listed below need to upload their notes to the wiki, so we can have final Minutes to approve and publish. Thanks. Mozilla Root Program Update

Re: [cabfpub] Short-lived certs

2017-10-09 Thread Ryan Sleevi via Public
Sure, but this didn't answer my questions, and I'm guessing was just a quick reply. I questioned both the motive and the problem statement, and it didn't seem like there were good answers. I'm hoping you could revisit, and we can see how much of a problem this is in actual practice. On Thu, Oct

Re: [cabfpub] CAA, DNSSEC and NXDOMAIN

2017-10-09 Thread Ryan Sleevi via Public
I believe your interpretation is correct - it is an authoritative positive response of non-existence (meaning not a failure) On Fri, Oct 6, 2017 at 2:43 PM, Doug Beattie via Public wrote: > > > I understand the need to reject CAA lookups if there is DNSSEC on the zone >

Re: [cabfpub] BRs, EVGLs, and "latest version"

2017-10-09 Thread Ben Wilson via Public
Ryan, One issue with the qualified audit, as was expressed during the face-to-face meeting, although I haven’t been able to find it, is that Microsoft apparently requires the WebTrust seal, which is based on an unqualified audit. If anyone can point me to the requirement, I’d appreciate

Re: [cabfpub] BRs, EVGLs, and "latest version"

2017-10-09 Thread Ryan Sleevi via Public
On Fri, Oct 6, 2017 at 12:07 PM, Gervase Markham via Public <public@cabforum.org> wrote: > During the CAB Forum face-to-face in Taipei, it was noted that the BRs > currently state something which implies something which is not true in > practice. > Gerv, I think it's useful here to distinguish